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WHAT IS CLAIMED IS: 

1 . A method for managing a session key used for enabling communications 
between a mobiie terminai and an access point in a wireless local area network 
("WLAN"), comprising the steps of: 

receiving a request for access to the WLAN from the mobile terminal; 
determining a virtual operator associated with the access request; 
establishing a first secure channel between the access point and the virtual 
operator; 

requesting user authentication from the virtual operator via the first secure 
channel, wherein the virtual operator communicates with the mobile terminal via a 
second secure channel to authenticate the mobile terminal; 

selecting a session key and sending the session key to the virtual operator via 
the first secure channel, wherein the virtual operator sends the session key to the 
mobile terminal via the second secure channel; and 

communicating with the mobile terminal using the session key. 

2. The method according to claim 1 , wherein the step of requesting user 
authentication is performed in parallel with the step of selecting and sending the 
session key. 

3. The method according to claim 2, wherein the communicating step comprises 
communicating with the mobile terminal using the session key upon receiving 
notification of successful user authentication from the virtual operator. 

3. The method according to claim 2, wherein the step of selecting a session key 
comprises placing the session key on hold until notification of successful user 
authentication from the virtual operator, and upon notification removing the session 
key from on hold and sending the session key to the virtual operator. 

4. The method according to claim 3, further comprising the step of removing the 
session key from on hold if the authentication is successful. 



5. 



The method according to claim 1 , wherein the step of selecting a session key 
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and sending the session key to the virtual operator via the first secure channel is 
performed only after receiving notification of successful user authentication from the 
virtual operator. 

5 6. The method according to claim 1 , wherein the virtual operator includes one of 

an Internet Service Provider, a cellular provider and a credit card provider. 

7. An apparatus for managing a session key used for enabling communications 
between a mobile terminal and a wireless local area network ("WLAN"), comprising: 

10 means for receiving a request for access to the WLAN from the mobile 

terminal; 

means for determining a virtual operator associated with the access request; 
first means for communicating with the virtual operator via a first secure 
channel, the first communicating means requesting user authentication from the 
15 virtual operator via the first secure channel, wherein the virtual operator 

communicates with the mobile terminal via a second secure channel to authenticate 
the mobile terminal; 

means, coupled to the first communicating means, for selecting a session key 
and sending the session key to the virtual operator via the first secure channel, 

20 wherein the virtual operator sends the session key to the mobile terminal via the 
second secure channel; and 

second means for communicating with the mobile terminal using the session 

key. 

25 8. The apparatus according to claim 7, wherein the first communicating means 

requests user authentication in parallel with selecting means selecting and sending 
the session key. 

9. The method according to claim 8, wherein the second communicating means 
30 communicates with the mobile terminal using the session key upon receiving 

notification of successful user authentication from the virtual operator. 

10. The method according to claim 9, wherein the selecting means places the 
session key on hold until notification of successful user authentication from the virtual 
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operator, and upon notification removes the session key from on hold and sends the 
session key to the virtual operator. 

1 1 . The method according to claim 10, wherein the selecting means removes the 
5 session key from on hold if the authentication is successful. 

12. The method according to claim 7, wherein the selecting means selects a 
session key and sends the session key to the virtual operator via the first secure 
channel only after receiving notification of successful user authentication from the 

10 virtual operator. 

13. The method according to claim 7, wherein the virtual operator includes one of 
an Internet Service Provider, a cellular provider and a credit card provider. 

15 14. A method for controlling a mobile terminal in a wireless local area network 

(WLAN), comprising the steps of: 

transmitting a request for access to the WLAN, the request including data 
identifying an associated virtual operator; 

establishing a secure channel with the virtual operator for performing user 
20 authentication associated with the request for access; 

receiving a session key via the secure channel upon successful user 
authentication wherein the virtual operator receives the session key from the WLAN 
through a second secure channel; and 

establishing communications with the WLAN using the session key. 
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